Research

Methodology talks at BSides

94 talks tagged Methodology from 41 chapters of BSides events worldwide.

Measuring Cybersecurity Maturity with the NIST CSF

BSides Vancouver · 2021

Technical GRC Threat Modeling Case Studies and Incidents Analysis Methodology Talk

Open →2021-06

Diamond Model for Intrusion Analysis: What You Need to Know

Andy Pendergast

BSides DC · 2014

Research Blue Methodology Talk

Open →2014-10

Keeping CTI on Track: An Easier Way to Map to MITRE ATT&CK

Jackie Lasky Sarah Yoder

BSides DC · 2019

Technical Purple Methodology Technical Deep-dives Talk

Open →2019-11

David Bianco - The Secret Origins of the Pyramid of Pain

BSides Augusta · 2022

Technical Detection Engineering Threat Intel Intermediary Blue Case Studies and Incidents Analysis Methodology Talk

Open →2022-10

John Heasman - Doing More in AppSec by Doing Less

BSides Knoxville

Technical Threat Modeling Web AppSec Blue Methodology Talk

Open →2024-09

Malware Behavior Catalog

Desiree Beck Haley Bui-Nguyen

BSides DC · 2019

Research Empirical Research Methodology Talk

Open →2019-10

0-day Research Disassembled

Chris Lyne David Wells Jimi Sebree

BSides DC · 2019

Research Advanced Case Studies and Incidents Analysis Methodology Talk

Open →2019-11

Find, Fix, Finish: Generating Competitive Advantage With Threat Hunting

BSides Canberra · 2024

Technical Detection Engineering Threat Intel Blue Methodology Talk

Open →2024-10

Exploit Prediction Scoring System (EPSS) - The User Guide - Chris Madden

BSides Dublin · 2024

Technical Threat Intel Vulnerability Research Empirical Research Methodology Talk

Open →2024-06

Enterprise Security Monitoring: Comprehensive Intel-Driven Detection

BSides Augusta · 2013

Technical Detection Engineering Threat Intel Methodology Talk

Open →2013-09

Finding & Exploiting Client-Side Prototype Pollution in the Wild

BSides Ahmedabad · 2021

Technical Vulnerability Research Web AppSec Red Case Studies and Incidents Analysis Methodology Talk

Open →2022-02

How to Stop Worrying & Build a Modern Detection & Response Program

BSides Berlin · 2023

Technical Detection Engineering Threat Intel Threat Modeling Blue Methodology Talk

Open →2024-01

Hardware Hacking the Internet of Things (IoT)

BSides Belfast · 2025

Research Technical Methodology Technical Deep-dives Talk

Open →2025-02

The Practical Application Of Indirect Prompt Injection Attacks

David Willis-Owen

BSides London · 2025

Technical Red Case Studies and Incidents Analysis Methodology Talk

Open →2025-02

MITRE D3FEND and How to Master It

BSides Sydney · 2025

Technical Detection Engineering Threat Intel Threat Modeling Blue Case Studies and Incidents Analysis Methodology Talk

Open →2025-02

Cyber Crash Investigations: Seizing the Opportunity to Learn from Fast Crisis

Julia Wigton David Stokes

BSides Las Vegas · 2023

Research Case Studies and Incidents Analysis Methodology Talk

Open →2023-08

Defensive Security Research is Sexy too (& Real Sign of Skill)

Ollie Whitehouse

BSides London · 2014

Research Methodology Technical Deep-dives Talk

Open →2014-05

Keeping CTI on Track: An Easier Way to Map to MITRE ATT&CK

BSides DC · 2019

Research Technical Blue Methodology Technical Deep-dives Demo Talk

Open →2019-10

Hunting Supply Chain Threats Using Anomaly Detection

Craig Chamberlain

BSidesSF · 2023

Technical Cloud IAM Detection Engineering Supply Chain Security Case Studies and Incidents Analysis Methodology Talk

Open →2023-05

Forecasting Cyber Attacks

Charlene Deaver-Vazquez

BSides Charm · 2022

Technical Threat Intel Threat Modeling Methodology Technical Deep-dives Talk

Open →2022-07

Password Surveys are Shit!

BSides Las Vegas · 2022

Research Methodology Surveys and Landmarks Talk

Open →2022-09

When the Magic Wears Off: Flaws In ML For Security Evaluations - Lorenzo Cavallaro

Lorenzo Cavallaro

Research Advanced Empirical Research Methodology Talk

Open →2019-06

Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All

Jonathan Leitschuh Patrick Way

BSides Las Vegas · 2022

Research Technical Supply Chain Security Vulnerability Research Case Studies and Incidents Analysis Methodology Talk

Open →2022-09

Testing Endpoint Security Solutions with Atomic Red Team

BSides Asheville · 2018

Technical Detection Engineering Threat Modeling Intermediary Blue Purple Methodology Demo

Open →2019-03

MS SQL Super Quality Logs

BSides Perth · 2023

Technical Detection Engineering Threat Intel Intermediary Blue Methodology Technical Deep-dives Talk

Open →2023-08

Enemy Within: Leveraging Purple Teams for Advanced Threat Detection & Prevention

Jayson Grace Adam Bradbury

BSides Las Vegas · 2023

Technical Detection Engineering Threat Intel Threat Modeling Purple Case Studies and Incidents Analysis Methodology Talk

Open →2023-10

How I Learned to Stop Worrying and Build a Modern Detection & Response Program

BSides Toronto · 2023

Technical Detection Engineering Threat Modeling Blue Methodology Talk

Open →2023-11

Plunder, Pillage and Print

BSides Boston · 2013

Technical Hardware Hacking Network Security OSINT Intermediary Red Case Studies and Incidents Analysis Methodology+1

Open →2013-06

Jonathan Magen - SPNDL: Security Policy Notation and Description Language

BSides Philly · 2020

Technical Methodology Technical Deep-dives Talk

Open →2020-12

Software Security Engineering: Learnings from the Past to Fix the Future

Debasis Mohanty

BSides Delaware · 2021

Technical Vulnerability Research Web AppSec Case Studies and Incidents Analysis Methodology Talk

Open →2021-11

LinkedIn OPSEC, Targeting Analysis and Countermeasures

Rich Wickersham

BSides NoVa · 2021

Research Technical OSINT Social Engineering Threat Intel Case Studies and Incidents Analysis Methodology Talk

Open →2021-06

Bugs Are Shallow: Finding Vulnerabilities In Top GitHub Projects

Laurence Tennant

Research Technical OWASP Vulnerability Research Web AppSec Red Empirical Research Methodology+1

Open →2024-02

Human Security Spaghetti & the Wall You're Throwing It At

Masha Arbisman Tom Porter

BSides Las Vegas · 2021

Technical Career & Soft Skills Intermediary Case Studies and Incidents Analysis Methodology Talk

Open →2021-08

Securing DNSSEC with Ritual and Ceremony

Smiljana Antonijevic

BSidesSF · 2018

Research Cryptography Case Studies and Incidents Analysis Methodology Talk

Open →2018-04

Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots

BSides Charm · 2025

Technical AI Security Detection Engineering Blue Case Studies and Incidents Analysis Methodology Talk

Open →2025-05

Why We Research

Marion Marschalek

BSides PDX · 2024

Research Methodology Keynote

Open →2024-11

Broken links — Behind the scenes of Supply Chain breaches

François Proulx

BSides NYC · 2023

Technical Supply Chain Security Case Studies and Incidents Analysis Methodology Talk

Open →2023-06

GT - Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs

Suha Sabi Hussain

BSides Las Vegas · 2024

Research Technical AI Security Supply Chain Security Vulnerability Research Methodology Technical Deep-dives Talk

Open →2024-09

Red Teaming a Manufacturing Network (Without Crashing It)

Johnny Medina Kyle Cucci

BSides Las Vegas · 2018

Technical War Stories Network Security Physical Security Red Methodology Talk

Open →2018-09

I Heart My Robot Overlords: Infosec Challenges in Emerging Technologies

BSides Peru · 2016

Research AI Security IoT Threat Modeling Vulnerability Research Methodology Technical Deep-dives Talk

Open →2016-06

Measuring the IQ of Your Threat Intelligence Feeds

Kyle Maxwell Alex Pinto

BSides Las Vegas · 2014

Research Technical Threat Intel Empirical Research Methodology Talk

Open →2016-12

CTI: It's All About The Process... Or Probably Should Be

BSides Bristol · 2025

Technical Threat Intel Intermediary Methodology Talk

Open →2025-01

USB Device Analysis

BSides SLC · 2017

Technical DFIR Hardware Hacking Malware Analysis Intermediary Blue Case Studies and Incidents Analysis Methodology+1

Open →2017-06

Kettle of Fish in a Barrel: Cloud Automation for Subdomain Takeovers

BSides Philly · 2020

Technical Cloud IAM OSINT Vulnerability Research Case Studies and Incidents Analysis Methodology Talk

Open →2020-12

How do you get your users to give up sex for a year: Security culture engineering

Jordan Schroeder

BSides Scotland · 2017

Community Career & Soft Skills Case Studies and Incidents Analysis Methodology Talk

Open →2017-04

Where and how to implement Security in Software Development

Radostina Kondakova Jordan Popov

BSides Sofia · 2022

Technical DevSecOps Threat Modeling Web AppSec Methodology Talk

Open →2022-04

AI in the Human Loop: GenAI in Security Service Delivery

Preeti Ravindra

BSides Las Vegas · 2024

Research AI Security Detection Engineering Empirical Research Methodology Talk

Open →2024-09

GT - Playing Games with Cybercriminals

Jonathan Lusthaus

BSides Las Vegas

Policy Empirical Research Methodology Talk

Open →2023-10

Securing Non-Human Identities in CI/CD Pipelines: The Next Major Attack Vector

Dhivya Balasubramanian Vikas Gattu

BSides Seattle · 2026

Technical Cloud IAM DevSecOps Supply Chain Security Intro Case Studies and Incidents Analysis Methodology Talk

Open →2026-03

Methods for Parsing New Mobile Apps: All about that data

BSidesROC · 2019

Technical Methodology Talk

Open →2019-08

Secrets Management and the Software Supply Chain: A Maturity Model for Secure Development

BSides Sydney · 2023

Technical DevSecOps Supply Chain Security Threat Intel Intermediary Blue Case Studies and Incidents Analysis Methodology+1

Open →2023-08

Scaling the Security Wall: Agile Threat Modeling for Complex Systems

Vineeth Sai Narajala

BSides Charm · 2024

Technical Cloud IAM DevSecOps Threat Modeling Methodology Talk

Open →2024-06

Screaming About Detection Coverage in ALLCAPS

BSides Philly · 2025

Technical Detection Engineering Threat Modeling Purple Empirical Research Methodology Talk

Open →2026-02

CVE Hunting: Wi-Fi Routers, OSINT & 'The Tyranny of the Default'

BSides Las Vegas · 2024

Technical Hardware Security OSINT Vulnerability Research Wireless Security Red Case Studies and Incidents Analysis Methodology+1

Open →2024-09

IOCs in your APIs

BSides Sydney · 2023

Technical Detection Engineering Threat Intel Intermediary Blue Case Studies and Incidents Analysis Methodology Talk

Open →2023-03

GT - Cognitive Security and Social Engineering: A Systems-Based Approach

Matthew Canham Ben D. Sawyer

BSides Las Vegas · 2023

Community Technical AI Security Social Engineering Threat Modeling Methodology Technical Deep-dives Talk

Open →2023-10

Become Unphishable

Brendan Eliason

BSides Philly · 2025

Community Technical Social Engineering Case Studies and Incidents Analysis Methodology Talk

Open →2024-01

Understanding the Modern Attack: A Review of the Adversary's Operational Lifecycle

BSides Vancouver · 2022

Technical Detection Engineering Threat Intel Threat Modeling Case Studies and Incidents Analysis Methodology Talk

Open →2022-07

Stalking Known Open Source Offenders for Novel CVEs

Bsides CT · 2020

Research DFIR Vulnerability Research Case Studies and Incidents Analysis Methodology Talk

Open →2020-11

Del CVE al CEO: Cómo Hacer que la Alta Dirección Escuche a los Hackers

BSides CDMX · 2025

Technical GRC Threat Modeling Vulnerability Research Intermediary Methodology Talk

Open →2025-07

Dominating the DBIR Data

Anastasia Atanasoff Gabriel Bassett

BSides Las Vegas · 2016

Research Empirical Research Methodology Talk

Open →2016-08

Developing a cybersecurity framework for commercial banks in South Africa - Tlhologelo Mphahlele

Tlhologelo Mphahlele

BSides Joburg · 2024

Research Case Studies and Incidents Analysis Empirical Research Methodology Talk

Open →2024-10

Conti Leaks and CARVER Analysis for Threat Intel Analysts

BSides Las Vegas

DFIR Malware Analysis Threat Intel Case Studies and Incidents Analysis Methodology Talk

Open →2023-10

Building The Best Team To Hunt The Biggest Threats

Career Threat Intel Case Studies and Incidents Analysis Methodology Talk

Open →2020-01

Deciphering Threat Modeling: Balancing Tools And Manual Approaches For Effective Security

Niharika Gehani

BSides Toronto · 2024

Technical Threat Modeling Methodology Talk

Open →2024-10

OH-SINT: Merging OSINT Into RE Workflows to Simplify Analysis

Nicholas Carroll

BSides Las Vegas · 2023

Technical Malware Analysis OSINT Reverse Engineering Threat Intel Case Studies and Incidents Analysis Methodology Talk

Open →2023-10

Risk is Not Axiomatic

Methodology Keynote

Open →2025-06

Processing Conti Leaks thru Carver Analysis

BSides Charlotte · 2023

Technical DFIR Threat Intel Threat Modeling Case Studies and Incidents Analysis Methodology Talk

Open →2023-09

Educating Your Guesses: How To Quantify Risk And Uncertainty by Sara Anstey

BSides Leeds · 2023

Technical Methodology Technical Deep-dives Talk

Open →2023-07

How to Lie with Statistics, Information Security Edition

Tony Martin-Vegue

BSidesSF · 2015

Research Methodology Talk

Open →2023-12

BSidesDFW2025 Track 2

BSides Dallas/Fort Worth · 2025

Policy Technical Network Security Privacy Threat Modeling Intermediary Red Case Studies and Incidents Analysis+2

Open →2025-11

How Zero Trusty is Your Network Access?

Derron Carstensen

BSides PDX 2025

Technical Network Security Threat Modeling Intermediary Empirical Research Methodology Talk

Open →2025-12

Elements of an Effective Software Supply Chain Strategy

BSides NYC · 2023

Research Supply Chain Security Methodology Surveys and Landmarks Talk

Open →2023-06

Guardians of the Logs: Monitoring SaaS with the Event Maturity Matrix

David Tocco Josh Rickard

BSides KC · 2023

Technical Cloud IAM Detection Engineering Threat Intel Intermediary Blue Case Studies and Incidents Analysis Methodology+1

Open →2023-10

Arbitrary Albatross: Neutral Names for Vulnerabilities at Volume

Art Manion Leigh Metcalf

BSides Las Vegas · 2018

Research Vulnerability Research Methodology Talk

Open →2018-09

Organizational Security Competencies and Cybersecurity Workforce Development (Donaven Haderlie)

BSides Boise · 2020

Career Research Career & Soft Skills Threat Modeling Case Studies and Incidents Analysis Methodology Talk

Open →2020-10

How to Prioritize Red Team Findings: Presenting CRTFSS (Common Red Team Findings Score System)

Guillermo Buendia

BSides Las Vegas · 2023

Technical Threat Intel Threat Modeling Red Methodology Talk

Open →2023-10

Sniffing Out Cert Abuse: A Dogged Approach to ESC Remediation

BSides NYC · 2025

Technical Active Directory Vulnerability Research Methodology Technical Deep-dives Talk

Open →2025-12

Framework for Embedded Device Analysis

Madison Oliver Kyle O'Meara

BSides Peru · 2017

Research Technical Methodology Technical Deep-dives Talk

Open →2017-10

From Application to Access: Detecting DPRK IT Workers Before They Become Insider Threats

BSides Seattle 2026

Technical Detection Engineering Social Engineering Threat Intel Intermediary Blue Case Studies and Incidents Analysis Methodology+1

Open →2026-03

Reimagining The Intelligence Deliverables Using Structured Threat Content by Gert-Jan Bruggink

Gert-Jan Bruggink

BSides Cheltenham · 2023

Research Threat Intel Methodology Talk

Open →2023-06

Who Makes the Rules?

BSides SLC · 2024

Research Technical AI Security Vulnerability Research Web AppSec Methodology Technical Deep-dives Talk

Open →2024-09

Acts of God: How Cybercriminals Leverage AI to Exploit Breaking News

BSides Seattle · 2026

Research Technical AI Security Malware Analysis Social Engineering Threat Intel Case Studies and Incidents Analysis Methodology+1

Open →2026-03

Defensive Counting: How to Quantify ICS Exposure on the Internet When the Data is Out to Get You

BSides Las Vegas · 2024

Research IoT OSINT Threat Intel Empirical Research Methodology Talk

Open →2024-09

Threat Activity Attribution: Differentiating the Who from the How

BSides Charm · 2018

Technical Threat Intel Blue Methodology Talk

Open →2021-05

Incident Response: A Scalable Methodology for Cyber Security Teams

Benjamin Edelen

BSides Denver · 2020

Technical DFIR Blue Methodology Talk

Open →2020-10

Red Teaming AI Systems for Security Validations

BSides Seattle · 2026

Technical AI Security Threat Modeling Vulnerability Research Red Case Studies and Incidents Analysis Methodology Talk

Open →2026-03

LLM-SRO: Ontology-Driven Security for LLMs

Dr. Thomas Heverin Caroline Ma Avery Buyer

BSides Philly · 2025

Research Technical AI Security LLM Security Threat Intel Threat Modeling Intermediary Methodology+2

Open →2026-02

Industrial Scale Hardware Hacking - Anthony Clark

BSides Albuquerque · 2024

Technical Hardware Hacking IoT Reverse Engineering Red Methodology Talk

Open →2024-08

Illuminate the Grid: Building Telemetry Through Purple Teaming

BSides Charlotte · 2026

Technical Detection Engineering Threat Intel Threat Modeling Purple Case Studies and Incidents Analysis Methodology Talk

Open →2026-04

Layering defenses: A new hope?

BSides Seattle 2026

Technical Threat Modeling Methodology Talk

Open →2026-04

Asking Questions and Writing Effectively

Christopher Lopez

BSides Toronto · 2020

Technical DFIR Intermediary Blue Methodology Talk

Open →2021-11

Predicting the Lifespans of Internet Services: Falling Down the ML Rabbit Hole

BSides Las Vegas · 2025

Research Case Studies and Incidents Analysis Empirical Research Methodology Talk

Open →2025-12

Building a Better Grid

BSides Charlotte · 2026

Research Technical Web AppSec Empirical Research Methodology Talk

Open →2026-04